package org.water.common.shiro.filter;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
import org.water.base.entity.R;
import org.water.common.bind.method.ResultFormatReturnValue;
import org.water.common.exception.SysCode;

/**
 * 授权访问
 * @author qzy
 *
 */
public class UserPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

	/**
	 * 权限认证
	 */
	@Override
	public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws IOException {
		return super.isAccessAllowed(request, response, mappedValue);
	}
	/**
	 *不可访问处理 
	 */
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		
		HttpServletRequest httpRequest=(HttpServletRequest) request;
		HttpServletResponse httpResponse=(HttpServletResponse) response;
		if(httpRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
			httpResponse.setStatus(HttpStatus.OK.value());
            return true;
        }
		ResultFormatReturnValue.instance().setResultValue(R.instance().setCode(SysCode.unauthorized.getCode()).setMsg(SysCode.unauthorized.getMsg()), 
				httpRequest, httpResponse);
		return false;
	}

}
